Fake DMCA complaints, DDoS threats lead to BazaLoader malware

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,306
Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service (DDoS) attacks.
The messages contain a legal threat and a file stored in a Google Drive folder that allegedly provides evidence of the source of the attack.

Fake legal threats​

The DDoS theme is a variation of another lure, a Digital Millennium Copyright Act (DMCA) infringement complaint linking to a file that supposedly contains evidence about stealing images.
In submissions seen by BleepingComputer, the threat actor used Firebase URLs to push BazaLoader. The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top